35 Malicious Apps on Google Play Store

More than two million Android users have downloaded malicious apps that bypass security protections to get into Google Play, researchers warn.

android malware

Once installed, the apps use sneaky techniques to hide from the user to prevent them from being removed, while displaying malicious ads that can be linked directly to malware.

A total of 35 "clearly malicious" apps in the Google Play store were discovered and analyzed in detail by Bitdefender researchers.
If you have downloaded any of these apps, you should delete them immediately.

According to Bitdefender, many of the apps are still available for download.

One of the apps the researchers discovered is called GPS Location Maps and has been downloaded by 100.000+ users. According to the researchers, after downloading, the app changes its label from “GPS Location Maps” to “Settings” to make it difficult to find and remove, and constantly displays pop-up ads linked to malicious websites.

This, and many other dangerous apps identified by Bitdefender, simulate user clicks to click on ads, helping fraudsters make extra money from forced visits.

The hackers behind the GPS Location Maps application have gone to great lengths to ensure that the malicious application is difficult to reverse engineer and control, since the malicious Java file is encrypted. Even when the files are decrypted, the code cannot be read.

The malicious app still uses a technique to stay hidden – it doesn't appear in the list of most recently used apps on Android devices.

Each of the malicious apps uses similar post-download behaviors, serving ads while disguising the icon as something else to hide it. Some of the malicious apps that have been downloaded over 100.000 times are Personality Charging Show, Image Warp Camera and Animated Sticker Finder.

Each of the malicious apps is listed as the only app published by a single developer, but their email addresses and websites are all very similar, leading Bitdefender to believe that all of the apps could be the work of a single team or person. Other apps that have been downloaded more than 100.000 times include Personality Charging Show, Image Warp Camera and Animated Sticker Finder.

APK hashes

Package name Hash Downloads
gb.packlivewalls.fournatewren 83fc9c22697d23126105bef2ac956c83a9b5cc700a3635ba93ccf999d15be5cc 100K +
gb.blindthirty.funkeyfour 5df41117cfb8fdf4549c0cad570c30411770857783b40d7a0eb5cee5c9a01623 100K +
gb.convenientsoftfiftyreal.threeborder 1dc46e16a7e477b9cd04a9a29c881254512d0ad5e89be6b120f30b06d4f5991b 100K +
gb.helectronsoftforty.comlivefour 92dcedc7054adde430407f430ee444ba6c0d70d5787eb92295360fc015b1f029 100K +
gb.fiftysubstantiated.wallsfour beb0e689572650355ad39165cfee0f3695507a39213913a54718631cb5d17b6b 100K +
gb.actualfifty.sevenelegantvideo 1ccd7ac60d2caa3ffb56648ba5dfbd942f9ad0416de0c215f3d11457a5a36d55 100K +
gb.crediblefifty.editconvincingeight 123a589ee242ee8ab1b072cbed287b4a20793e02f81a0cbe866ed346d68e0cb4 100K +
de.eightylamochenko.editioneight 46141428f4c5d878b2644aa76cf96ad277e5038443698e4232fd3d9c0eb2ed1c 100K +
gb.convincingmomentumeightyverified.realgamequicksix 731a6d533edbedf5944f6d3660c3984ff41950d4b748e1e1c41b8457ccef0a4a 100K +
gb.labcamerathirty.mathcamera 9453085d60429987598c44c81693d733c38468bc233feefef46f84769c24fd15 100K +
gb.mega.sixtyeffectcameravideo b40cca66d13d28745098fce90ac71d451ce28853ed81a7ff9f8bd908d91512db 100K +
gb.theme.twentythreetheme 0a366901588120665560c1e5dd0f7394ab6fedd4563c4c2951822b4194a8a42b 100k +
gb.tolltwentytwo.ikey d9bb7bf435c9af3e736bcc16626cf33e3b6e675a5f0a8fd1acd7e8c48e1bcd51 50K +
com.smart.tools.wifi 0e4f1b1a22b059b95a828215739298335b1fff7f54cf85c1c75fc30ca5ca6cd6 10K +
jkdf.gds.gds.g 4e5ea73770c5bee7fb8cbaeb188d2d7258ba8879cfdb4d459dfbdd7dd9a3e650 10K +
com.newsoft.camera 9102fd2b2a6c38a36e344db0c836c05172aff9169ff4389195ade3cc47cd086b 100K +
com.xmas.artgirlswallpaperhd 985600862b5fc4de0ec62322bf9eee4b6c0cc3fc5db6f23cb65cbe81088a3c8d 100k +
hj.jk.jikj.jkj 0cf16f21330acfb9006e8fa1d67d5f6d48e0623390482ce4835d1064e38c58d6 50K +
com.creator.smartqrcreator 4cd13ce239f6567744a2b4e9819cb420c3e311e05c1afab9d784eb344c8d4868 10K +
finze.lockgti.dae.cag 1b1d7e825c2299a17309074a2d411ee3480501e417482331f020d93a21c08e95 500+
kk.f.ea.tew.t 45cc6ac4b52492291bc572fa253dcc8db53b167080dd08490d16f8218b8ebfc3 100K +
com.xmas.girlsartwallpaper 3b6639df04f9745ff74d9fe58dcd529d58208248358291d06e65e04aa2481d97 10K +
sc.qs.vak e51585871b56d9c7707f8b41ab045dc26e11f976b519cc8e2fdc7a8cf79875e0 50K +
zzhse.ge.ge.ge.e 16d5fd1ab5cb0bea28dfb7333b7b419b5de00024d391a3cd8dce9a0823e09cfc 100K +
ice.ccylice.volume cb9fc87ff97e398a4375062d5d5ab8d29706d830cd2ef6fcde5aea30f6f4a45d 50K +
ck.lad.secret 4240ca3ea6eba010ee3b169cda066d8beeb7b8bf7a065abfeac9b75a301a1706 10K +
smart.ggps.lockact b720175c57ed84fe7fec73554dcf12e71c33e6a322a23b0663dc132edc7203ee 10K +
am.asm.master a00e1b5ca10efdf11fbd3c45349c4e3994134e3100a23f50df62a9398529b176 100K +
com.charging.show c519c9b63ce046c737fe9c222436f4138acfe9de277cc4da6019b8c3533e9aa9 100K +
com.voice.sleep.sounds 9885ef4f3dfff7962c8f2e319957d07755c192e68978962962492e60c73ac222 100K +
joao.de.def.e.aew 0ecaee04b59c137760b7aafa46772a3be7e3581b36d79b5c61ea713ccfe5a386 10K +
ifa.nod.vys 69f94ac8d1ce85d0904a3cafb7828b84e18ecd858a2d56aa4c2fdd1fd7afc02e 10K +
qu.motor.astrology 134aeabf2c66be6af458d5d51c22d237c1f260f1ab10dcb99b714eba5d8bff73 10K +
ice.ccylice.colorize 449328469b38378ca1214c421305d0706dca6cc79a68ea2e5e2904a519968c03 10K +
gb.sixtycreativecyber.magiceleganttwo 054f8bfa280654b0a5cc9b3a8652e438fb77dc63d66ffb10c06743ccf290342b 50K +


iGuRu.gr The Best Technology Site in Greecefgns

bitdefender, google play store, android, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).